Also limit the range of vlan ids. Other implementations and
documentation use the ranges {0,1}-{4094,4095}, but we use
the one accepted by the kernel: 0-4094.
Reported-by: Oleksii Shevchuk <alxchk@gmail.com>
Let's always call the security labels the same way:
SMACK: "Smack Label"
SELINUX: "SELinux Security Context"
And the low-level encapsulation is called "seclabel". Now let's hope we
stick to this vocabulary in future, too, and don't mix "label"s and
"security contexts" and so on wildly.
This permit to let system administrators decide of the domain of a service.
This can be used with templated units to have each service in a différent
domain ( for example, a per customer database, using MLS or anything ),
or can be used to force a non selinux enabled system (jvm, erlang, etc)
to start in a different domain for each service.
This was noticed in Brussels at the hackfest. The fstab-generator currently
creates a broken symlink pointing to itself in
/run/systemd/generator/local-fs.target.wants/ for systemd-fsck-root.service
In the parse_env_file_push() and load_env_file_push() functions, there
are two assert() call to check if the key or value parameters are utf8 valid.
If the strings aren't utf8 valid, assert does abort.
These function are used early by systemd to parse some files. For
example '/etc/locale.conf'. In my case this file contained a not utf8
sequence, which is bad, but systemd crashed during the boot, which
is even worse!
The enclosed patch removes the assert and return -EINVAL if the
sequence is invalid. This is possible because the caller of these
function [1] checks the errors.
So the check of an invalid utf8 sequence is still performed, but
systemd doesn't crash anymore and logs the error.
[1] parse_env_file_internal(), invoked by load_env_file() and
parse_env_file()
The session_send_create_reply() function which notifies clients about
session creation is used for both session and user units. Unify the
shared code in a new function session_jobs_reply().
The session_save() will be called unconditionally on sessions since it
does not make sense to only call it if '!session->started', this will
also allow to update the session state as soon as possible.
This allows us users of the library to keep copies of old leases. This is
used by networkd to know what addresses to drop (if any) when the lease
expires.
In the future this may be used by DNAv4 and sd-dhcp-server.
In some cases it is interesting to map a PID to two units at the same
time. For example, when a user logs in via a getty, which is reexeced to
/sbin/login that binary will be explicitly referenced as main pid of the
getty service, as well as implicitly referenced as part of the session
scope.
Simplify the shutdown logic a bit:
- Keep the session FIFO around in the PAM module, even after the session
shutdown hook has been finished. This allows logind to track precisely
when the PAM handler goes away.
- In the ReleaseSession() call start a timer, that will stop terminate
the session when elapsed.
- Never fiddle with the KillMode of scopes to configure whether user
processes should be killed or not. Instead, simply leave the scope
units around when we terminate a session whose processes should not be
killed.
- When killing is enabled, stop the session scope on FIFO EOF or after
the ReleaseSession() timeout. When killing is disabled, simply tell
PID 1 to abandon the scope.
Because the scopes stay around and hence all processes are always member
of a scope, the system shutdown logic should be more robust, as the
scopes can be shutdown as part of the usual shutdown logic.
When a process dies that we can associate with a specific unit, start
watching all other processes of that unit, so that we can associate
those processes with the unit too.
Also, for service units start doing this as soon as we get the first
SIGCHLD for either control or main process, so that we can follow the
processes of the service from one to the other, as long as process that
remain are processes of the ones we watched that died and got reassigned
to us as parent.
Similar, for scope units start doing this as soon as the scope
controller abandons the unit, and thus management entirely reverts to
systemd. To abandon a unit introduce a new Abandon() scope unit method
call.
Use PID_FMT/USEC_FMT/... in more places.
Also update logind error messages to print the full path to a file that
failed. This should make debugging easier for people who do not know
off the top of their head where logind stores it state.
This is initialized from XDG_SESSION_DESKTOP and is useful for GNOME
to recognize its own sessions. It's supposed to be set to a short string
identifying the session, such as "kde" or "gnome".
